Firewalls: to manage or not to manage – that is the question

A colleague of mine recently wrote a blog about Advanced Persistent Threats (APTs) and how next generation firewalls are leading the global fight against them and the hackers. As threats continue to evolve and evade traditional security measures, these next generation solutions are able to provide advanced application level security to protect the network while delivering the performance levels required. The intelligence behind these solutions means that they’re capable of communicating these threats on a global scale so that the benefits are felt throughout the business community and not just on your network.

While most companies accept the need for protection provided by next generation firewalls, some may be confused over whether to buy, install and manage their own network protection or turn to an expert to manage the next generation firewall on their behalf.

So what do you need to know when considering your management options? Choosing between a managed firewall or an unmanaged solution usually comes down to a few simple questions:

Internal resources: Like all managed services it’s often a simple choice between whether you have the skills, time and resources internally to take over the management of the firewall or not. If you do have a security expert internally then it makes sense to put the management of the firewall under their control but consider whether they’ll be able to support the solution 24/7 or just 9-5. If however, you’re not in the business of security then it makes sense to hand it over to someone who is.

In addition to accessing these skills, you’ll also benefit from 24/7/365 support with a skilled team who are just a call away. It also means that you mitigate risk, by transferring responsibility to a provider who deals with next generation firewalls all day, every day.

Efficiency: There are gains to be made by handing over the management of the firewall to an expert. On-going monitoring, upgrades, patches and reporting benefit from economies of scale since the managed service provider will be rolling these out across a number of clients.

Performance: In the same way cost efficiencies can be gained, performance efficiencies are also more likely with a managed service proposition. Typically the provider will be able to negotiate a better deal with the vendor than you would be able to because of the increased volumes taken.

Cost versus control: The two are in direct relationship to managed or unmanaged services. If keeping costs down are important then a managed service will typically work out more cost effective than training and utilising internal resources, but if high levels of hands on control is important then managing the firewall yourself is a better option.

The decision to manage your next generation firewall internally or to hand it over to an expert is a relatively simple one. But what’s clear is the need for companies to ensure that they have a solution to fight threats in place. The good news is that networks are better protected than ever with the new generation of firewalls, and there are different solutions to fit every company need or type.

Finally, it’s important that organisations don’t find themselves relying on technology that is unable to evolve with the threat landscape. Think of it this way, 20 years ago bank robberies were typically pulled off by someone with a balaclava and armed with a shotgun. The banks used CCTV and plastic screens for protection. Back then it would be hard to imagine that financial crime would largely shift online, and that banks would replace CCTV and screens with anti-virus software and user-education programmes to protect their interests. In the same way, organisations should periodically take a step back, scrutinise their security stance and make sure their defence systems are evolving to mitigate threats effectively.